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We claim: 



1 1 . A collaborative file rights management method comprising: 

2 identifying a file input/output (I/O) request to access a file, said file I/O request 

3 originating in an authoring application; 

4 suppressing said file I/O request; 

5 _ automatically extracting digital rights management data appended to said file; 

6 ~ providing said file to said authoring application; and, 

k's 's 

7jfy managing access to said file in said authoring application based upon said 



8fg extracted digital rights management data. 

i y 
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1 H* 2. The method of claim 1 , further comprising: 
2% decrypting said file. 

1 3. The method of claim 1 , wherein said extracting step further comprises: 

2 determining environmental data associated with said file I/O request, said 

3 environmental data comprising at least one of a requestor's identity, a requestor's class, 

4 a requestor's computing domain, a requestor's location, a password, a time of day, and 

5 a date; and, 

6 extracting an access policy appended to said file 
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1 4. The method of claim 3, wherein said providing step comprises: 

2 comparing said access policy to at least a portion of said environmental data; 

3 authenticating said file I/O request based upon said comparison; and, 

4 providing said file to said authoring application only if said file I/O request has 

5 been authenticated. 

1 5. The method of claim 1 , wherein said suppressing step comprises: 

2 *S posting a responsive message to said authoring application; 

3 J intercepting an operating system event in said authoring application, said 
4 IH operating system event indicating receipt of said responsive message; and, 

5 HI quashing further processing of said intercepted operating system event. 

1 L; 6. The method of claim 1 , wherein said identifying step comprises: 

2y[ monitoring kernel-level file I/O requests contained in I/O request packets 

3 processed in a file system manager; and, 

4 detecting said file I/O request to access said file in one of said I/O request 

5 packets. 

1 7. The method of claim 1 , wherein said management step comprises: 

2 intercepting operating system messages in said authoring application; 
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3 detecting among said intercepted operating system messages, operating system 

4 messages directed to authoring application operations which can be limited according 

5 to digital rights specified in said extracted digital rights management data; and, 

6 quashing said detected events where said digital rights management data 

7 prohibits execution of said authoring application operations. 

1 8. The method of claim 7, wherein said authoring application operations comprise 



2yg operations selected from the group consisting of clipboard operations, printing 

3 *D operations, file saving operations, and file editing operations. 

PJ 

m 

1 " y 9. A collaborative file rights management method comprising: 

2II identifying a file input/output (I/O) request to save a file, said request originating 

3ffi in an authoring application; 

O 

4iM= suppressing said request and automatically encrypting said file; 

5 appending an access policy and digital rights management data to said 

6 encrypted file; and, 

7 storing said file in fixed storage. 



1 10. The method of claim 9, wherein said suppressing step comprises: 

2 posting a responsive message to said authoring application; 
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3 intercepting an operating system event in said authoring application, said 

4 operating system event indicating receipt of said responsive message; and, 

5 quashing further processing of said intercepted operating system event. 

1 11. The method of claim 9, wherein said identifying step comprises: 

2 monitoring kernel-level file I/O requests contained in I/O request packets 

3 processed in a file system manager; and, 
Q 

4 detecting said file I/O request to save said file in one of said I/O request packets. 



1 gj 12. A collaborative file rights management system comprising: 

ft I 

2 j" a file security management application configured to intercept operating system 
3N» messages directed to an authoring application; and, 

4 J a file security filter driver configured to identify file input/output (I/O) requests 

TO 1 

5^* received in a kernel-layer file system manager to open an encrypted file in said 

6 authoring application; 

7 said file security filter driver quashing said file I/O requests, decrypting said 

8 encrypted file and providing said decrypted file to said authoring application; 

9 said file security management application extracting digital rights management 

10 data appended to said encrypted file, detecting among intercepted operating system 

1 1 messages, operating system messages directed to authoring application operations 

12 which can be limited according to digital rights specified in said extracted digital rights 
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management data, and, quashing said detected events where said digital rights 
management data prohibits execution of said authoring application operations. 

13. A machine readable storage having stored thereon a computer program for 
managing digital rights in a collaborative file, said computer program comprising a 
routine set of instructions for causing the machine to perform the steps of: 

identifying a file input/output (I/O) request to access a file, said file I/O request 
originating in an authoring application; 
suppressing said file I/O request; 

automatically extracting digital rights management data appended to said file; 
providing said file to said authoring application; and, 
managing access to said file in said authoring application based upon said 
extracted digital rights management data. 

14. The machine readable storage of claim 13, further comprising: 
decrypting said file. 

15. The machine readable storage of claim 13, wherein said extracting step further 
comprises: 

determining environmental data associated with said file I/O request, said 
environmental data comprising at least one of a requestor's identity, a requestors class, 
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5 a requestor's computing domain, a requestor's location, a password, a time of day, and 

6 a date; and, 

7 extracting an access policy appended to said file 

1 16. The machine readable storage of claim 15, wherein said providing step 

2 comprises: 

3 comparing said access policy to at least a portion of said environmental data; 
4^ authenticating said file I/O request based upon said comparison; and, 

5yi providing said file to said authoring application only if said file I/O request has 

6|ji been authenticated. 

an r, 

1 f" 17. The machine readable storage of claim 13, wherein said suppressing step 

2!^ comprises: 

jj jj 5 

if™ - ! 

3£2 posting a responsive message to said authoring application; 

4 intercepting an operating system event in said authoring application, said 

5 operating system event indicating receipt of said responsive message; and, 

6 quashing further processing of said intercepted operating system event. 

1 18. The machine readable storage of claim 13, wherein said identifying step 

2 comprises: 
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3 monitoring kernel-level file I/O requests contained in I/O request packets 

4 processed in a file system manager; and, 

5 detecting said file I/O request to access said file in one of said I/O request 

6 packets. 



1 19. The machine readable storage of claim 13, wherein said management step 

2 comprises: 

3 !i i intercepting operating system messages in said authoring application; 

4 ^ detecting among said intercepted operating system messages, operating system 

flJ 

5jn messages directed to authoring application operations which can be limited according 

6fU to digital rights specified in said extracted digital rights management data; and, 
7^ quashing said detected events where said digital rights management data 

8jjr prohibits execution of said authoring application operations. 

y ' 

o 

1 20. The machine readable storage of claim 19, wherein said authoring application 

2 operations comprise operations selected from the group consisting of clipboard 

3 operations, printing operations, file saving operations, and file editing operations. 



P1023371;1 



29 



